Server Local Admin Password Audit

A situation arose where I had to check all our Windows servers to see if any were using a particular local administrator password. I wrote the following script to allow me to test a dynamically generated set of credentials. It uses WMI because that allows specifying a particular set of credentials and is relatively lightweight in comparison to other tests.

# Get-ADComputer comes from the ActiveDirectory module (RSAT)
Import-Module ActiveDirectory

# Generate a secure string with the password stored in it. Alternatively you could prompt the user
$pass = ConvertTo-SecureString -AsPlainText -Force -String "Pa55w0rdToTest"

# What username should be tested?
$username = "Administrator"

# Find every computer in AD running an operating system with "Server" in its name.
foreach ($server in $(Get-ADComputer -Filter {OperatingSystem -like "*Server*"})) {
    # Make sure the server can be contacted
    if (Test-Connection $server.Name -Quiet) {
        # Build a local administrator credential
        $credential = New-Object System.Management.Automation.PSCredential("$($server.Name)\$username", $pass)

        # Try to connect to the computer with the credential
        try {
            # -ErrorAction Stop turns every failure into a terminating error so the catch block always runs
            $null = Get-WmiObject Win32_OperatingSystem -Credential $credential -ComputerName $server.Name -ErrorAction Stop
            Write-Host "$($server.Name) :: Success" -ForegroundColor Green -BackgroundColor Black
        } catch {
            Write-Host "$($server.Name) :: Fail" -ForegroundColor Red -BackgroundColor Black
        }
    }
}
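
The script above reports every error as "Fail", so a server whose WMI port is firewalled looks the same as one that rejected the password. The following added example (not part of the original post) returns one record per server and separates the two cases; the function name Test-LocalAdminCredential and the output file name are assumptions made for illustration.

```powershell
# Added example: classify each server as Accepted, Rejected or Inconclusive.
# Test-LocalAdminCredential is a hypothetical helper name, not a built-in cmdlet.
Import-Module ActiveDirectory

function Test-LocalAdminCredential {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [Parameter(Mandatory)][string]$UserName,
        [Parameter(Mandatory)][securestring]$Password
    )
    foreach ($name in $ComputerName) {
        $result = 'Inconclusive'   # default: nothing was proven about the password
        $detail = ''
        if (-not (Test-Connection -ComputerName $name -Count 1 -Quiet)) {
            $detail = 'No ping reply'
        } else {
            $cred = New-Object System.Management.Automation.PSCredential("$name\$UserName", $Password)
            try {
                $null = Get-WmiObject Win32_OperatingSystem -Credential $cred `
                            -ComputerName $name -ErrorAction Stop
                $result = 'Accepted'
            } catch {
                # Access denied surfaces as UnauthorizedAccessException. Anything else
                # (RPC unavailable, firewall, timeout) says nothing about the password.
                if ($_.Exception -is [System.UnauthorizedAccessException]) { $result = 'Rejected' }
                $detail = $_.Exception.Message
            }
        }
        [pscustomobject]@{ Computer = $name; Account = $UserName; Result = $result; Detail = $detail }
    }
}

# Prompt for the password so it is not stored in the script file.
$pass    = Read-Host -AsSecureString -Prompt 'Password to test'
$servers = Get-ADComputer -Filter 'OperatingSystem -like "*Server*"' |
               Select-Object -ExpandProperty Name
$report  = Test-LocalAdminCredential -ComputerName $servers -UserName 'Administrator' -Password $pass

$report | Sort-Object Result, Computer | Format-Table -AutoSize
# Keep everything that still needs attention: accepted passwords and untested servers.
# The file name is a constructed placeholder.
$report | Where-Object Result -ne 'Rejected' |
    Export-Csv .\local-admin-audit.csv -NoTypeInformation
```

"Rejected" only means WMI returned access denied. For local accounts other than the built-in Administrator, UAC remote restrictions can produce the same result even when the password is correct, so treat those rows as unverified.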